The wp-d3 plugin before 2.4.1 for WordPress has CSRF.

%d bloggers like this: